Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2022-47424

    Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51925

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sazzad Hu Testimonial Slider Shortcode allows Stored XSS.This issue affects Testimonial Slider Shortcode: from n/a through 1.1.9.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51891

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 4B Systems sp. z o.o Official SalesWizard CRM Plugin allows Stored XSS.This issue affects Official SalesWizard CRM Plugin: from n/a through 1.0.2.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51850

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bchristopeit WoW Guild Armory Roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through 0.5.5.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51905

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ravi & Suma RSV PDF Preview allows Stored XSS.This issue affects RSV PDF Preview: from n/a through 1.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51869

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer Gutenium Blocks allows Stored XSS.This issue affects Gutenium Blocks: from n/a through 1.1.5.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-51929

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Spectrum Icon Widget allows DOM-Based XSS.This issue affects Icon Widget: from n/a through 1.1.0.... Read more

    Affected Products :
    • Published: Nov. 19, 2024
    • Modified: Nov. 19, 2024

  • 5.4

    MEDIUM
    CVE-2024-11247

    A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The man... Read more

    Affected Products : online_eyewear_shop
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.0

    HIGH
    CVE-2024-11248

    A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer over... Read more

    Affected Products : ac10_firmware ac10
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 8.2

    HIGH
    CVE-2024-39726

    IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or co... Read more

    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11256

    A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may ... Read more

    Affected Products : portfolio_management_system_mca
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.1

    MEDIUM
    CVE-2024-11259

    A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remot... Read more

    Affected Products : farmacia farmacia farmacia
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-46613

    WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_sp... Read more

    Affected Products : weechat
    • Published: Nov. 10, 2024
    • Modified: Nov. 19, 2024

  • 7.5

    HIGH
    CVE-2024-27532

    wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types.... Read more

    Affected Products :
    • Published: Nov. 08, 2024
    • Modified: Nov. 19, 2024

  • 6.1

    MEDIUM
    CVE-2024-9609

    The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpress_import_form_server' parameter in all versions up to, and including, 4.0.4 due to insufficient input ... Read more

    Affected Products : learnpress_export_import
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.4

    MEDIUM
    CVE-2024-10113

    The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on... Read more

    Affected Products : wp_adcenter
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11257

    A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2024-11258

    A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can ... Read more

    Affected Products : beauty_parlour_management_system
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 6.5

    MEDIUM
    CVE-2024-45609

    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vuln... Read more

    Affected Products : glpi
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 5.5

    MEDIUM
    CVE-2024-49536

    Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issu... Read more

    Affected Products : macos windows audition
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 291389 Results